Skip to main content
CVE-2025-6094 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-21085 LOW PATCH Monitor

A security vulnerability in PingFederate OAuth2 grant duplication in PostgreSQL persistent storage (CVSS 2.1) that allows oauth2 requests. Remediation should follow standard vulnerability management procedures.

PostgreSQL Information Disclosure
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6092 LOW Monitor

A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6089 LOW Monitor

A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the argument ref leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Open Redirect
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy